Remove rolcatupdate

This role attribute is an ancient PostgreSQL feature, but could only be set by directly updating the system catalogs, and it doesn't have any clearly defined use. Author: Adam Brightwell <adam.brightwell@crunchydatasolutions.com>
2015-03-06 23:42:38 -05:00 · 2015-03-06 23:42:38 -05:00 · bb8582abf3
parent 6510c832bb
commit bb8582abf3
8 changed files with 17 additions and 90 deletions
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@ -1415,15 +1415,6 @@
      <entry>Role can create databases</entry>
     </row>

-     <row>
-      <entry><structfield>rolcatupdate</structfield></entry>
-      <entry><type>bool</type></entry>
-      <entry>
-       Role can update system catalogs directly.  (Even a superuser cannot do
-       this unless this column is true)
-      </entry>
-     </row>
-
     <row>
      <entry><structfield>rolcanlogin</structfield></entry>
      <entry><type>bool</type></entry>
@ -8491,16 +8482,6 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
      <entry>Role can create databases</entry>
     </row>

-     <row>
-      <entry><structfield>rolcatupdate</structfield></entry>
-      <entry><type>bool</type></entry>
-      <entry></entry>
-      <entry>
-       Role can update system catalogs directly.  (Even a superuser cannot do
-       this unless this column is true)
-      </entry>
-     </row>
-
     <row>
      <entry><structfield>rolcanlogin</structfield></entry>
      <entry><type>bool</type></entry>
@ -9019,16 +9000,6 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
      <entry>User is a superuser</entry>
     </row>

-     <row>
-      <entry><structfield>usecatupd</structfield></entry>
-      <entry><type>bool</type></entry>
-      <entry></entry>
-      <entry>
-       User can update system catalogs.  (Even a superuser cannot do
-       this unless this column is true.)
-      </entry>
-     </row>
-
     <row>
      <entry><structfield>userepl</structfield></entry>
      <entry><type>bool</type></entry>
@ -9506,15 +9477,6 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
      <entry>User is a superuser</entry>
     </row>

-     <row>
-      <entry><structfield>usecatupd</structfield></entry>
-      <entry><type>bool</type></entry>
-      <entry>
-       User can update system catalogs.  (Even a superuser cannot do
-       this unless this column is true.)
-      </entry>
-     </row>
-
     <row>
      <entry><structfield>userepl</structfield></entry>
      <entry><type>bool</type></entry>
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@ -3423,26 +3423,6 @@ aclcheck_error_type(AclResult aclerr, Oid typeOid)
 }


-/* Check if given user has rolcatupdate privilege according to pg_authid */
-static bool
-has_rolcatupdate(Oid roleid)
-{
-	bool		rolcatupdate;
-	HeapTuple	tuple;
-
-	tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
-	if (!HeapTupleIsValid(tuple))
-		ereport(ERROR,
-				(errcode(ERRCODE_UNDEFINED_OBJECT),
-				 errmsg("role with OID %u does not exist", roleid)));
-
-	rolcatupdate = ((Form_pg_authid) GETSTRUCT(tuple))->rolcatupdate;
-
-	ReleaseSysCache(tuple);
-
-	return rolcatupdate;
-}
-
 /*
 * Relay for the various pg_*_mask routines depending on object kind
 */
@ -3620,8 +3600,7 @@ pg_class_aclmask(Oid table_oid, Oid roleid,

 	/*
 	 * Deny anyone permission to update a system catalog unless
-	 * pg_authid.rolcatupdate is set.   (This is to let superusers protect
-	 * themselves from themselves.)  Also allow it if allowSystemTableMods.
+	 * pg_authid.rolsuper is set.  Also allow it if allowSystemTableMods.
 	 *
 	 * As of 7.4 we have some updatable system views; those shouldn't be
 	 * protected in this way.  Assume the view rules can take care of
@ -3630,7 +3609,7 @@ pg_class_aclmask(Oid table_oid, Oid roleid,
 	if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE)) &&
 		IsSystemClass(table_oid, classForm) &&
 		classForm->relkind != RELKIND_VIEW &&
-		!has_rolcatupdate(roleid) &&
+		!superuser_arg(roleid) &&
 		!allowSystemTableMods)
 	{
 #ifdef ACLDEBUG
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@ -13,7 +13,6 @@ CREATE VIEW pg_roles AS
        rolinherit,
        rolcreaterole,
        rolcreatedb,
-        rolcatupdate,
        rolcanlogin,
        rolreplication,
        rolconnlimit,
@ -31,7 +30,6 @@ CREATE VIEW pg_shadow AS
        pg_authid.oid AS usesysid,
        rolcreatedb AS usecreatedb,
        rolsuper AS usesuper,
-        rolcatupdate AS usecatupd,
        rolreplication AS userepl,
        rolbypassrls AS usebypassrls,
        rolpassword AS passwd,
@ -57,7 +55,6 @@ CREATE VIEW pg_user AS
        usesysid,
        usecreatedb,
        usesuper,
-        usecatupd,
        userepl,
        usebypassrls,
        '********'::text as passwd,
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@ -368,8 +368,6 @@ CreateRole(CreateRoleStmt *stmt)
 	new_record[Anum_pg_authid_rolinherit - 1] = BoolGetDatum(inherit);
 	new_record[Anum_pg_authid_rolcreaterole - 1] = BoolGetDatum(createrole);
 	new_record[Anum_pg_authid_rolcreatedb - 1] = BoolGetDatum(createdb);
-	/* superuser gets catupdate right by default */
-	new_record[Anum_pg_authid_rolcatupdate - 1] = BoolGetDatum(issuper);
 	new_record[Anum_pg_authid_rolcanlogin - 1] = BoolGetDatum(canlogin);
 	new_record[Anum_pg_authid_rolreplication - 1] = BoolGetDatum(isreplication);
 	new_record[Anum_pg_authid_rolconnlimit - 1] = Int32GetDatum(connlimit);
@ -734,20 +732,12 @@ AlterRole(AlterRoleStmt *stmt)
 	MemSet(new_record_repl, false, sizeof(new_record_repl));

 	/*
-	 * issuper/createrole/catupdate/etc
-	 *
-	 * XXX It's rather unclear how to handle catupdate.  It's probably best to
-	 * keep it equal to the superuser status, otherwise you could end up with
-	 * a situation where no existing superuser can alter the catalogs,
-	 * including pg_authid!
+	 * issuper/createrole/etc
 	 */
 	if (issuper >= 0)
 	{
 		new_record[Anum_pg_authid_rolsuper - 1] = BoolGetDatum(issuper > 0);
 		new_record_repl[Anum_pg_authid_rolsuper - 1] = true;
-
-		new_record[Anum_pg_authid_rolcatupdate - 1] = BoolGetDatum(issuper > 0);
-		new_record_repl[Anum_pg_authid_rolcatupdate - 1] = true;
 	}

 	if (inherit >= 0)
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@ -53,6 +53,6 @@
 */

 /*							yyyymmddN */
-#define CATALOG_VERSION_NO	201503031
+#define CATALOG_VERSION_NO	201503061

 #endif
--- a/src/include/catalog/pg_authid.h
+++ b/src/include/catalog/pg_authid.h
@ -49,7 +49,6 @@ CATALOG(pg_authid,1260) BKI_SHARED_RELATION BKI_ROWTYPE_OID(2842) BKI_SCHEMA_MAC
 	bool		rolinherit;		/* inherit privileges from other roles? */
 	bool		rolcreaterole;	/* allowed to create more roles? */
 	bool		rolcreatedb;	/* allowed to create databases? */
-	bool		rolcatupdate;	/* allowed to alter catalogs manually? */
 	bool		rolcanlogin;	/* allowed to log in as session user? */
 	bool		rolreplication; /* role used for streaming replication */
 	bool		rolbypassrls;	/* allowed to bypass row level security? */
@ -76,19 +75,18 @@ typedef FormData_pg_authid *Form_pg_authid;
 *		compiler constants for pg_authid
 * ----------------
 */
-#define Natts_pg_authid					12
+#define Natts_pg_authid					11
 #define Anum_pg_authid_rolname			1
 #define Anum_pg_authid_rolsuper			2
 #define Anum_pg_authid_rolinherit		3
 #define Anum_pg_authid_rolcreaterole	4
 #define Anum_pg_authid_rolcreatedb		5
-#define Anum_pg_authid_rolcatupdate		6
-#define Anum_pg_authid_rolcanlogin		7
-#define Anum_pg_authid_rolreplication	8
-#define Anum_pg_authid_rolbypassrls		9
-#define Anum_pg_authid_rolconnlimit		10
-#define Anum_pg_authid_rolpassword		11
-#define Anum_pg_authid_rolvaliduntil	12
+#define Anum_pg_authid_rolcanlogin		6
+#define Anum_pg_authid_rolreplication	7
+#define Anum_pg_authid_rolbypassrls		8
+#define Anum_pg_authid_rolconnlimit		9
+#define Anum_pg_authid_rolpassword		10
+#define Anum_pg_authid_rolvaliduntil	11

 /* ----------------
 *		initial contents of pg_authid
@ -97,7 +95,7 @@ typedef FormData_pg_authid *Form_pg_authid;
 * user choices.
 * ----------------
 */
-DATA(insert OID = 10 ( "POSTGRES" t t t t t t t t -1 _null_ _null_));
+DATA(insert OID = 10 ( "POSTGRES" t t t t t t t -1 _null_ _null_));

 #define BOOTSTRAP_SUPERUSERID 10

--- a/src/test/regress/expected/privileges.out
+++ b/src/test/regress/expected/privileges.out
@ -676,7 +676,11 @@ ERROR:  role "nosuchuser" does not exist
 select has_table_privilege('pg_authid','sel');
 ERROR:  unrecognized privilege type: "sel"
 select has_table_privilege(-999999,'pg_authid','update');
-ERROR:  role with OID 4293967297 does not exist
+ has_table_privilege 
+---------------------
+ f
+(1 row)
+
 select has_table_privilege(1,'select');
 has_table_privilege 
 ---------------------
--- a/src/test/regress/expected/rules.out
+++ b/src/test/regress/expected/rules.out
@ -1406,7 +1406,6 @@ pg_roles| SELECT pg_authid.rolname,
    pg_authid.rolinherit,
    pg_authid.rolcreaterole,
    pg_authid.rolcreatedb,
-    pg_authid.rolcatupdate,
    pg_authid.rolcanlogin,
    pg_authid.rolreplication,
    pg_authid.rolconnlimit,
@ -1607,7 +1606,6 @@ pg_shadow| SELECT pg_authid.rolname AS usename,
    pg_authid.oid AS usesysid,
    pg_authid.rolcreatedb AS usecreatedb,
    pg_authid.rolsuper AS usesuper,
-    pg_authid.rolcatupdate AS usecatupd,
    pg_authid.rolreplication AS userepl,
    pg_authid.rolbypassrls AS usebypassrls,
    pg_authid.rolpassword AS passwd,
@ -2062,7 +2060,6 @@ pg_user| SELECT pg_shadow.usename,
    pg_shadow.usesysid,
    pg_shadow.usecreatedb,
    pg_shadow.usesuper,
-    pg_shadow.usecatupd,
    pg_shadow.userepl,
    pg_shadow.usebypassrls,
    '********'::text AS passwd,